Environment
Novell BorderManager 3.8
Novell NetWare 6.5
Novell NMAS Radius 4.14
Situation
Administrators desire the use of EAP (Extensible Authentication
Protocol, also refered to as IEEE 802.1x authentication) using
eDirectory.
Resolution
The NMAS Radius tool is not capable of handling EAP requests.
As of January 24, 2007, the only protocols supported by the NMAS
Radius service are :
- PAP
- CHAP
Additional Information
The reason that EAP is not operational is because it uses added
encryption - requiring the the RADIUS service to handle MD5
encryption (also known as hashes), TLS Tunnelling, and PKI API
calls to implement (in addition to others). A good software
package exists, FreeRADIUS, that runs on SLES Linux servers, which
can implement EAP in the many facets of RADIUS authentication -
EAP-TLS, EAP-PEAP, EAP-TTLS, and EAP-MD5. Using another Linux
distribution may or may not work due to the requirement of the
package to be compiled with the --with-edir option specified on the
./configure line.
If these encrypted mechanisms are required, consider the use of FreeRADIUS.
If these encrypted mechanisms are required, consider the use of FreeRADIUS.